Restricting/Locking/Password Protecting Attachments on HR Case Form

Rob Sestito
Mega Sage

Hello SN Comm,

I want to see if anyone knows a good way to protect attachments that are attached to an HR Case form? Can it be locked to only the Assigned To (and maybe also certain users with a special role, etc.)?

Maybe even having to enter in a password when trying to view the attachment from the Case?? I feel like that idea is pretty far out there, but hey - ya never know what the system can do until you go through it and/or ask!

Thank you,

-Rob

 

1 ACCEPTED SOLUTION

Kevin Velovski
Kilo Guru

Rob,

 

I see most of the replies have been to provide technical solutions within the HR Scoped app using ACLs.

I'm going to suggest another approach for you to think about. The HR Scoped App has an extra application "Employee Document Management". (https://docs.servicenow.com/bundle/london-hr-service-delivery/page/product/human-resources/concept/hr-employee-doc-management.html)

One of the key points with EDM is that it allows you to put security controls around documents associated with Employee's Profile (from cases, etc) via Document Types:

Use document types to:

  • Associate a security policy. Security policies determine who can access employee documents and determine purge authorization.
  • Associate a retention policy. Retention policies determine how long to keep a document and who the document is applicable to.
  • Place a legal hold. Legal holds temporarily prevent document purging or changes to the document.
  • Allow access to employees.
  • Configure employee documents to be moved automatically when an HR case is closed. Assign a topic detail associated with an HR service that has the Automatically move attachments box checked. See Configure an HR service.

Keep in mind EDM is an extra license cost.

Thanks,

Kevin


17 REPLIES

Cody Smith _ Cl
Tera Guru

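You could create a Read ACL for sys_attachment, using something similar to this.

    // ACL scripts report their result by setting `answer`; a top-level `return` is not valid here
    if (current.table_name == 'hr_case') {
        // Allow the user who created the attachment, or anyone holding the designated role
        if (current.sys_created_by == gs.getUserName() || gs.hasRole('The Role you are looking for')) {
            answer = true;
        } else {
            answer = false;
        }
    }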

 

If my answer was helpful, or solved your issue, please mark it as Helpful / Correct.
Thank you,
Cody Smith
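
The original question asked to limit attachments to the case's Assigned To plus a special role, which needs a lookup of the parent record rather than a check on who created the attachment. The following is an added example, not code from any poster in this thread: the decision logic as plain JavaScript that runs outside the platform, where `gs`, `getParent`, the role name `hr_attachment_viewer` and the sample records are stand-ins constructed for illustration.

```javascript
// Added example: decision logic for a read rule on sys_attachment, runnable in Node.
// `gs` and `getParent` are stand-ins (assumptions) for the platform's session and record lookup.
const PROTECTED_TABLE = 'hr_case';           // table name as written in the post above
const VIEWER_ROLE = 'hr_attachment_viewer';  // hypothetical role name

function canReadAttachment(current, gs, getParent) {
  // Attachments on other tables are outside the scope of this rule.
  if (current.table_name !== PROTECTED_TABLE) return true;
  // Holders of the designated role may read any attachment on the protected table.
  if (gs.hasRole(VIEWER_ROLE)) return true;
  // Otherwise resolve the parent case and compare its assignee with the caller.
  const parent = getParent(current.table_name, current.table_sys_id);
  if (!parent) return false; // fail closed: parent missing or not readable
  // An empty assignee must never match an empty or anonymous user id.
  return Boolean(parent.assigned_to) && parent.assigned_to === gs.getUserID();
}

// Constructed sample data: two cases, one of them unassigned.
const cases = { case1: { assigned_to: 'user_a' }, case2: { assigned_to: '' } };
const getParent = (table, id) =>
  table === PROTECTED_TABLE ? cases[id] || null : null;
const session = (userId, roles) => ({
  getUserID: () => userId,
  hasRole: (role) => roles.includes(role),
});
const attachment = (table, id) => ({ table_name: table, table_sys_id: id });

function demo() {
  const onCase1 = attachment('hr_case', 'case1');
  return {
    assignee: canReadAttachment(onCase1, session('user_a', []), getParent),
    otherUser: canReadAttachment(onCase1, session('user_b', []), getParent),
    roleHolder: canReadAttachment(onCase1, session('user_b', [VIEWER_ROLE]), getParent),
    unassignedCase: canReadAttachment(attachment('hr_case', 'case2'), session('', []), getParent),
    missingParent: canReadAttachment(attachment('hr_case', 'gone'), session('user_a', []), getParent),
  };
}

console.log(demo());
```

In an ACL script the result would be assigned to `answer`, and the parent lookup would be a GlideRecord query using the attachment's `table_name` and `table_sys_id`.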
 

Hey Cody,

Thanks for replying - as I thought that would be a good way to go actually. I adjusted the code you provided as I would need (correct table and role to use). But I get the following error, and I am unable to see it. Are you able to see it?

[Screenshot: find_real_file.png]

Thanks,

-Rob

Hey - I think I got it.

[Screenshot: find_real_file.png]

Yeah, that looks right.